Information security risk management planning of digital certificate management case study: Balai sertifikasi elektronik

Dana Indra Sensuse, Andy Syahrizal, Faizan Aditya, Muhammad Nazri

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

1 Citation (Scopus)

Abstract

Otoritas Sertifikat Digital (OSD) is a certificate authority held by Balai Sertifikasi Elektronik (BSrE) of the Badan Siber dan Sandi Negara (BSSN). Digital certificate management is the primary business process of Otoritas Sertifikat Digital Layanan Universal (OSD LU); if it is interrupted, the OSD business process cannot run smoothly, which affects the digital certification process. To maintain the reliability and security of the system, these risks need to be classified, analyzed, and handled correctly so that the negative repercussions that may arise are reduced to an acceptable level. The main goal is to address issues of risk management planning, particularly the absence of an information security risk management plan within BSrE. We carried out the risk assessment using the ISO 27005 framework combined with NIST SP 800-30 Revision 1 to assess the security risks. The risk assessment identified 27 assets, 26 risk scenarios that must be mitigated, and 38 risk scenarios acceptable to the organization. We hope this study can help BSrE analyze and maintain the security management plan within the OSD LU system, provide control recommendations to minimize information security risks in data communication applications within the business processes, and produce a strategic plan for handling and accepting risk, accompanied by a person in charge of the risk scenario.

Original language: English
Title of host publication: 2020 5th International Conference on Informatics and Computing, ICIC 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728180472
Publication status: Published - 3 Nov 2020
Event: 5th International Conference on Informatics and Computing, ICIC 2020 - Virtual, Jakarta, Indonesia
Duration: 3 Nov 2020 to 4 Nov 2020

Publication series

Name: 2020 5th International Conference on Informatics and Computing, ICIC 2020

Conference

Conference: 5th International Conference on Informatics and Computing, ICIC 2020
Country/Territory: Indonesia
City: Virtual, Jakarta
Period: 3/11/20 to 4/11/20

Keywords

  • Digital certificate
  • Information security
  • Risk
  • Risk management
  • Risk management planning
